Modern computer systems provide an industry standard bus specification to connect peripheral devices that add functionality to the system that is not built in. One example would be a Peripheral Component Interconnect Express (PCIe) interface SAS adapter, which allows SAS protocol drives to be attached to any system that has a PCIe interface for the adapter to be plugged into. These peripheral devices communicate with system software (operating systems, device drivers, BIOS, firmware or the like) by transferring information into and out of memory attached to the system.
Direct Memory Access (DMA) is a feature of modern computers that allows certain hardware subsystems within the computer to access system memory independently of the central processing unit. DMA can also be used for “memory to memory” copying or moving of data within memory. DMA can offload expensive memory operations, such as large copies or scatter gather operations, from the CPU to a dedicated DMA engine. DMA based add-in devices in modern computer systems move data into and out of system attached memory for use by the operating system or other higher layer software. Usually this information is needed in sparse memory locations, and these devices (like hard drive IO controllers) may use scatter gather lists to move data into and out of sparse locations in memory. The scatter gather list is usually a part of a message or command that describes the operation a peripheral device should perform. The scatter gather list is essentially a list of buffer locations with associated control and size information.
There are many formats for the scatter gather list, including standards-based formats such as IEEE-1212.1 and vendor-specific formats. If the scatter gather list is long, it may be divided up into multiple chunks that may be addressed as a linked list of entries. For example, one implementation may use a special scatter gather list element to address the next memory location containing more scatter gather list elements. Alternatively, hierarchical implementations may be utilized, wherein a top level scatter gather list may be used to address a list of memory locations containing scatter gather list elements.
Many methods are available to improve data integrity of the information, including end-to-end data protection (EEDP) methods like T10 data integrity field (DIF). However, these solutions do not address many of the issues where the command/message or associated scatter gather list that was generated by the system software might be corrupted during the transfer from system memory to the peripheral card itself. For example, on a write operation to system memory, if a scatter gather list entry corrupted data outside of the application space of the peripheral, the entire transfer could be corrupted. The data for the failing operation may be determined to be corrupted based on the T10 DIF check; however, data for a totally separate application could also be corrupted, and the system software may not be able to determine what data was compromised. This may indicate that the whole system may be compromised. In another example, on read operations from system memory, corruption may lead to access of system locations that do not exist, or are sensitive to the read operation and may cause other unintended hardware activity. Even though the EEDP check may fail on the data and protect against corruption on the failing read operation, system side effects from the errant read may result in system instability or failure.
Another failure mechanism not addressed by current methods is if the size of the scatter gather element is corrupted. This may result in data being written beyond the allocated space in memory for a failing scatter gather list element. This corruption of size for a read from system memory may also result in too much data being read from the host memory system, which in turn could result in data overflow or unrelated data on the peripheral being overwritten. EEDP may protect the failing write or read, but not prevent damage to other system data that could be corrupted outside the application space.
Still another failure may result from corruption of the control information associated with the scatter gather list element. The control information may include direction, address size, entry type (data element or link element to the location of another set of scatter gather list elements), end of list marker or the like. Such a failure may corrupt data outside of the application space of the operation that is being executed.
Therein lies the need to provide systems and methods for protecting operations or commands generated by software.
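The three failure modes described above (corrupted address, corrupted size, corrupted control information) can be made concrete with a check that a consumer of the list runs before any DMA is issued. The following is an added example, not code from the original text: the element layout, flag values, region bounds and function names are all hypothetical, and chain elements hold a chunk index rather than a bus address.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical SGE layout for illustration; not IEEE-1212.1 or a vendor format. */
enum { SGE_DATA = 1, SGE_CHAIN = 2, SGE_END = 4 };
typedef struct { uint64_t addr; uint32_t len; uint32_t ctrl; } sge_t;
typedef struct { uint64_t base, size; } region_t;  /* memory this operation owns */
enum sgl_status { SGL_OK, SGL_BAD_CTRL, SGL_OUT_OF_REGION, SGL_BAD_LENGTH, SGL_NO_END };

/* Overflow-safe check that [addr, addr + len) lies inside the region. */
static int in_region(const region_t *r, uint64_t addr, uint64_t len) {
    return addr >= r->base && len <= r->size && addr - r->base <= r->size - len;
}

/* Walk a chained list; a chain element's addr is an index into chunks[] (assumption). */
enum sgl_status sgl_validate(const sge_t *const *chunks, size_t nchunks, size_t per_chunk,
                             const region_t *region, uint64_t expected) {
    uint64_t total = 0;
    size_t chunk = 0, next = 0;
    for (size_t hops = 0; hops < nchunks; hops++, chunk = next) {  /* bounded: no loops */
        next = nchunks;
        for (size_t i = 0; i < per_chunk && next == nchunks; i++) {
            const sge_t *e = &chunks[chunk][i];
            uint32_t type = e->ctrl & (SGE_DATA | SGE_CHAIN);
            if ((e->ctrl & ~7u) || (type != SGE_DATA && type != SGE_CHAIN))
                return SGL_BAD_CTRL;              /* unknown bits or ambiguous type */
            if (type == SGE_CHAIN) {
                if ((e->ctrl & SGE_END) || e->addr >= nchunks) return SGL_BAD_CTRL;
                next = (size_t)e->addr;
                continue;
            }
            if (e->len == 0 || !in_region(region, e->addr, e->len))
                return SGL_OUT_OF_REGION;         /* corrupted address or size */
            total += e->len;
            if (e->ctrl & SGE_END) return total == expected ? SGL_OK : SGL_BAD_LENGTH;
        }
        if (next == nchunks) return SGL_NO_END;   /* chunk had no link and no end marker */
    }
    return SGL_NO_END;                            /* chain revisits chunks without ending */
}

/* Constructed sample: a two-chunk list moving 0x3000 bytes in region [0x10000, 0x14000).
 * The caller supplies the final element so a corrupted field can be tried. */
enum sgl_status check_sample(uint64_t addr, uint32_t len, uint32_t ctrl) {
    sge_t c0[2] = { {0x10000, 0x1000, SGE_DATA}, {1, 0, SGE_CHAIN} };
    sge_t c1[2] = { {0x12000, 0x1000, SGE_DATA}, {addr, len, ctrl} };
    const sge_t *chunks[2] = { c0, c1 };
    region_t region = { 0x10000, 0x4000 };
    return sgl_validate(chunks, 2, 2, &region, 0x3000);
}
```

A corrupted element whose address and length still fall inside the permitted region passes the bounds check, which is why the total is also compared with the transfer length expected for the command.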